Basic Information on Data Protection
Controller: GV2 MADRID BUSINESS SL
Purposes of treatment: Informative website. Management of queries through forms. Management of service promotions. Reserve management. Newsletter subscription.
Lawfulness of treatment: Express consent of the data subject. Execution of a contract or application of pre-contractual measures. Legitimate interest for data processing. Compliance with legal obligations.
Recipients: Data can be transferred to third parties for the creation of cancellation insurance and for managing the reserve. No other transfer of data will be carried out, except for legal obligation.
Rights of data subjects: Access, rectify and erasure the data, as well as other rights, as explained in the additional information.
Additional information: You can consult the additional and detailed information on Data Protection in the attached clauses that can be found https://www.theprincipalmadridhotel.com/es/politica-proteccion-datos/
At GV2 MADRID BUSINESS SL we work to offer you the best possible experience through our products and services. In some cases, it is necessary to collect information to achieve this. We care about your privacy and we believe that we must be transparent about it.
Therefore, and for the purposes of the provisions of REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 (hereinafter "GDPR") on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and the LAW 34/2002, of July 11, 2002, of Services of the Information Society and Electronic Commerce (hereinafter, "LSSI"), GV2 MADRID BUSINESS SL informs the user that, as data controller, will incorporate the personal data provided by users in an automated file.
Our commitment starts by explaining the following to you:
- We collect your data to improve the user experience by addressing your interests and needs.
- We are transparent about what data we collect about you and why we collect it.
- Our intention is to provide you with the best possible experience. Therefore, when we use your personal information, we will always do so in a compliant manner, and where necessary, we will ask for your consent.
- We understand that your information belongs to you. Therefore, if you choose not to give us permission to process it, you can ask us to stop processing it.
1. Who is the controller for the processing of your personal data?
The personal data that you have provided us with in this and other communications maintained with you will be included in the Registries of Processing Activities of GV2 MADRID BUSINESS SL with postal address at Pg. de Gràcia, 112, 3º, CP: 08008 Barcelona, Barcelona, Spain and e-mail firstname.lastname@example.org
2. What personal data do we collect?
The personal data that the user may provide:
- Name, address and born date.
- Telephone number and email address.
- Payments and deliveries information.
- IP address, date and time in which you access to our services, browser and data about the operating system of your device.
- Any other information or data that you decide to share with us.
Most of the personal information we process is provided to us directly by you. In some cases, it is obligatory to fill in a form to access certain services. Not providing the personal data requested or not accepting this data protection policy means the impossibility of navigating the website.
3. Why do we process your data?
Depending on the purposes we will need to process some data or others, which in general will be, depending on the case, the following:
- Manage orders or hire any of our services, either online or in the physical stores.
- Manage the sending of the information requested.
- Develop commercial actions and carry out the maintenance and management of the relationship with the user, as well as the management of the services offered through the website and the information tasks, being able to carry out automatic evaluations, obtaining profiles and customer segmentation tasks in order to personalize the treatment according to their characteristics and needs and improve the customer's online experience.
- Develop and manage contests, raffles or other promotional activities that may be organized.
- In some cases, it will be necessary to provide information to Authorities or third companies for auditing purposes, as well as to handle personal data of invoices, contracts and documents to respond to customer or Public Administration complaints.
- We report that personal data obtained as a result of your registration as a user will be part of (RAT), which will be regularly updated according to the RGPD.
4. What is the lawful basis for the processing of your data?
The processing of your data can be based on the following legal bases:
- Express consent of the data subject. The user is informed of the possibility of withdrawing consent in the event that it has been granted for a specific purpose, without affecting the legality of the processing based on consent prior to withdrawal.
- Execution of a contract or application of pre-contractual measures.
- Legitimate interest for data processing.
- Compliance with legal obligations.
5. How long do we keep your personal data for?
The processing of the data for the purposes described will be maintained for the time necessary to meet the purpose of their collection, as well as for compliance with legal obligations arising from the processing of data.
6. To which recipients is your data communicated?
On some occasions, only when necessary, GV2 MADRID BUSINESS SL will provide user data to third parties. However, data shall not be sold to any third party. External service providers (eg. payment suppliers or delivery companies) GV2 MADRID BUSINESS SL will be working with are allowed to use such data in order to provide the corresponding services; nevertheless, such information will not be used for their own purposes or transferred to any third party.
The reservations system is managed by INTEDOCS SOLUCIONES DIGITALES S.L , ensuring protection and confidentiality of personal data of any kind to be provided by users, in accordance with the General Regulation for Personal Data Protection. All data provided by users to INTEDOCS SOLUCIONES DIGITALES S.L or to their staff will be included in an automated personal data file created and maintained under the responsibility of INTEDOCS SOLUCIONES DIGITALES S.L , that are indispensable to render the services requested.
The data provided will be treated under the terms established by the General Regulation for Personal Data Protection. In this sense, INTEDOCS SOLUCIONES DIGITALES S.L has adopted the legally required safety and data protection levels and has installed all the technical means and measures available, to prevent the loss, misuse, alteration, unauthorized access by third parties. However, the user must bear in mind that Internet security measures are not impregnable.
In the event that it is considered opportune to surrender your personal data to such third parties, the user will be informed of the explicit purpose of the file, data transferred and the name and address of the transferee to its unequivocal consent in this regard.
In compliance with the established in the Spanish General Register of Data Protection Agency (RGPD) users may exercise their right to access, rectify, cancel/suppress, oppose and restrict said information. Please, contact INTEDOCS SOLUCIONES DIGITALES S.L, CIF B64554629 c/ Dr. August Pi i Sunyer 9-11, Bajos, 08034, Barcelona email@example.com
Likewise, any transfer, will be informed to the data subject through the consent clauses established by data protection regulations.
GV2 MADRID BUSINESS SL ensures the security of personal data when it is sent outside the company and ensures that third party service providers respect confidentiality and have appropriate measures in place to protect personal data. Such third parties have an obligation to ensure that the information is treated in accordance with data privacy regulations.
In some cases, the Law may demand disclosure of personal data to certain public authorities or other parties, only the strictly necessary information will be disclosed to ensure its compliance with legal obligations.
Personal data shall also be shared with other companies within the corporate group.
7. Where is your data stored?
In general, the data is stored in the EU. With regards to data sent to third parties outside the EU, we will ensure that they offer a sufficient level of protection, so that they have binding corporate standards (BCR).
8. What rights do you have and how can you exercise them?
Under data protection law, you have rights we need to make you aware of. You may address your communications and exercise your rights by written communication to the following email: firstname.lastname@example.org
Under the provisions of data protection regulations, you can apply:
- Right of access: You can ask for information of those personal data that we have about you. You have the right to ask us for copies of your personal information.
- Right to rectification: You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. You can communicate any change in your personal data.
- Right to erasure: You can request the deletion after blocking personal data.
- Right to restriction of processing: You have the right to ask us to restrict the processing of your information in certain circumstances.
- Right to object to processing: You can withdraw your consent to the processing of your data, opposing further processing.
- Right to portability: In some cases, you can request a copy of the personal data in a structured format, commonly used and machine-readable for transmission to another data controller.
- The right not to be the subject of individualized decisions: You may request that decisions not be taken which are based solely on automated processing, including profiling, which produces legal effects or significantly affects the data subject.
In some cases, the request may be refused if you request that data necessary for the fulfilment of legal obligations be deleted. Also, if you have a complaint about the processing of data you can submit a complaint to the data protection authority.
9. Who is responsible for the accuracy and veracity of the data provided?
GV2 MADRID BUSINESS SL is only responsible for the veracity of its own elaboration information. GV2 MADRID BUSINESS SL reserves the right to update, modify or eliminate the information contained in its web pages and may even limit or deny access to said information. GV2 MADRID BUSINESS SL is exonerated from any responsibility for any damage or harm that the user may suffer as a result of errors, defects or omissions in the information provided by GV2 MADRID BUSINESS SL, provided that this comes from sources outside or publics the company.
GV2 MADRID BUSINESS SL is not liable for the accuracy of the data provided by their users. It is user’s liability to guarantee, in any case, the accuracy and authenticity of the personal data provided. The user agrees to provide complete and correct information.
GV2 MADRID BUSINESS SL is exonerated from any liability in this respect and therefore does not assume any responsibility with regards to hypothetical damages that may arise from the use of said information.
10. How do we process personal data of minors?
In principle, our services are not specifically addressed to minors. However, in the event that any of them are addressed to minors under fourteen years of age, in accordance with article 8 of GDPR and article 7 of LO3/2018, of 5 December (LOPDGDD), UNICO MADRIDSL will require the valid, free, unequivocal, specific and informed consent of their legal guardians in order to process the personal data of minors. In this case, the DNI or other form of identification of the person giving consent will be required.
In the case of persons over fourteen years of age, data may be processed with the consent of the user, except in those cases in which the law requires the assistance of the holders of parental authority or guardianship.
11. What security measures do we apply to protect your personal data?
GV2 MADRID BUSINESS SL has adopted the legally required levels of security for the protection of personal data, and tries to install those other additional technical means and measures at its disposal to prevent the loss, misuse, alteration, unauthorized access and theft of personal data provided to GV2 MADRID BUSINESS SL.
GV2 MADRID BUSINESS SL is not responsible for hypothetical damages that may arise from interference, omissions, interruptions, computer viruses, telephone breakdowns or disconnections in the operation of this electronic system, caused by reasons beyond the control of GV2 MADRID BUSINESS SL; delays or blockages in the use of this electronic system caused by deficiencies or overloads of telephone lines or overloads in the Data Processing Centre, in the Internet system or in other electronic systems, as well as damage that may be caused by third parties through unlawful interference beyond the control of GV2 MADRID BUSINESS SL. Nevertheless, the user must be aware that Internet security measures are not impregnable.
12. Links to other websites
However, if you do not want cookies to be installed on your hard drive, you can configure your browser to prevent the installation of these files. For more information, please see our Cookies Policy https://www.theprincipalmadridhotel.com/es/politica-proteccion-datos/
14. Updates to this Notice